More than a quarter (27%) of organizations have banned the use of generative AI among their workforce over privacy and data security risks, at least temporarily, according to the Cisco 2024 Data Privacy Benchmark Study.
Most organizations have also instituted controls on these tools. Nearly two-thirds (63%) have established limitations on what data can be entered and 61% have limits on which Gen AI tools can be used by employees.
Despite these restrictions, many organizations admitted inputting sensitive data into generative AI applications. This included information about internal processes (62%), employee names or information (45%), non-public information about the company (42%) and customer names or information (38%).
Most respondents (92%) viewed generative AI as a fundamentally different technology with novel challenges and concerns requiring new techniques to manage data and risk.
The biggest concerns cited were that these tools could hurt the organization’s legal and intellectual property rights (69%), the information entered could be shared publicly or with competitors (68%), and that the information it returns to the user could be wrong (68%).
Amid these issues, 91% of security and privacy professionals acknowledged that they need to do more to reassure customers about their data use with AI.
However, none of the actions listed in the study to build trust with consumers in this area exceeded 50% of respondents.
Dev Stahlkopf, Cisco Chief Legal Officer, commented: “Organizations see generative AI as a fundamentally different technology with novel challenges to consider.
“More than 90% of respondents believe AI requires new techniques to manage data and risk. This is where thoughtful governance comes into play. Preserving customer trust depends on it.”
Data Privacy Critical to Commercial Success
Nearly all (94%) security and privacy professionals said their customers would not buy from their organization if they did not protect data properly.
Encouragingly, 97% feel they have a responsibility to use data ethically, and 95% argue the business benefits of privacy investment are greater than the costs.
The growing connection between data privacy and business benefits has made this area a key boardroom issue. Nearly all (98%) respondents reported one or more privacy metrics to the board, and over half reported three or more.
The top privacy metrics used were audit results (44%), data breaches (43%), data subject requests (31%) and incident response (29%).
The respondents were overwhelmingly in favor of governments implementing data privacy laws, with 80% believing privacy laws have had a positive impact on their organization, and just 6% a negative impact.
Harvey Jang, Cisco Vice President and Chief Privacy Officer, noted that compliance with data privacy laws provides “hard evidence” to consumers that organizations are adequately protecting their data.
“These stats are the highest we’ve seen in Cisco’s privacy research over the years, proving once more that privacy has become inextricably tied to customer trust and loyalty. This is even more true in the era of AI, where investing in privacy better positions organizations to leverage AI ethically and responsibly,” said Jang.